Support for advertising Transmitter metadata for multiple versions of spec #241

@cisco-skolla

The current SSF transmitter metadata endpoint doesn't allow supporting multiple versions of the spec. Do you have any recommendations on supporting multiple versions?

If a transmitter wants to support multiple versions of the specification, the transmitter has to maintain separate metadata endpoints for each version of the spec. Instead, if the metadata endpoint allows publishing the metadata per spec, that would avoid managing multiple sets of metadata endpoints. This will allow transmitters to support multiple versions (v1, v2, v3, ...) of the spec, and receivers can get the information just by invoking the metadata endpoint .well-known/ssf-configuration without human intervention.

Current Transmitter Configuration /.well-known/ssf-configuration response:


{
  "spec_version": "1_0-ID3",
  "issuer":
    "https://tr.example.com",
  "jwks_uri":
    "https://tr.example.com/jwks.json",
  "delivery_methods_supported": [
    "urn:ietf:rfc:8935",
    "urn:ietf:rfc:8936"],
  "events_supported": [
    "https://schemas.openid.net/secevent/ssf/event-type/stream-updated",
    "https://schemas.openid.net/secevent/ssf/event-type/verification",
    "https://schemas.openid.net/secevent/risc/event-type/sessions-revoked",
    "https://schemas.openid.net/secevent/caep/event-type/session-revoked"],
  "configuration_endpoint":
    "https://tr.example.com/ssf/mgmt/stream",
  "status_endpoint":
    "https://tr.example.com/ssf/mgmt/status",
  "add_subject_endpoint":
    "https://tr.example.com/ssf/mgmt/subject:add",
  "remove_subject_endpoint":
    "https://tr.example.com/ssf/mgmt/subject:remove",
  "verification_endpoint":
    "https://tr.example.com/ssf/mgmt/verification",
  "critical_subject_members": [ "tenant", "user" ],
  "authorization_schemes":[
      {
        "spec_urn": "urn:ietf:rfc:6749"
      },
      {
        "spec_urn": "urn:ietf:rfc:8705"
      }
    ],
  "default_subjects": "NONE"
}

Asking for support for multiple versions:

{
  "1_0-ID3": {
    "issuer":
      "https://tr.example.com",
    "jwks_uri":
      "https://tr.example.com/jwks.json",
    "delivery_methods_supported": [
      "urn:ietf:rfc:8935",
      "urn:ietf:rfc:8936"],
    "events_supported": [
      "https://schemas.openid.net/secevent/ssf/event-type/stream-updated",
      "https://schemas.openid.net/secevent/ssf/event-type/verification",
      "https://schemas.openid.net/secevent/risc/event-type/sessions-revoked",
      "https://schemas.openid.net/secevent/caep/event-type/session-revoked"],
    "configuration_endpoint":
      "https://tr.example.com/ssf/mgmt/stream",
    "status_endpoint":
      "https://tr.example.com/ssf/mgmt/status",
    "add_subject_endpoint":
      "https://tr.example.com/ssf/mgmt/subject:add",
    "remove_subject_endpoint":
      "https://tr.example.com/ssf/mgmt/subject:remove",
    "verification_endpoint":
      "https://tr.example.com/ssf/mgmt/verification",
    "critical_subject_members": [ "tenant", "user" ],
    "authorization_schemes": [
      {
        "spec_urn": "urn:ietf:rfc:6749"
      },
      {
        "spec_urn": "urn:ietf:rfc:8705"
      }
    ],
    "default_subjects": "NONE"
  },
  "1_0-ID1": {
    "issuer":
      "https://tr.example.com",
    "jwks_uri":
      "https://tr.example.com/jwks.json",
    "delivery_methods_supported": [
      "https://schemas.openid.net/secevent/risc/delivery-method/push",
      "https://schemas.openid.net/secevent/risc/delivery-method/poll"],
    "configuration_endpoint":
      "https://tr.example.com/sse/mgmt/stream",
    "status_endpoint":
      "https://tr.example.com/sse/mgmt/status",
    "add_subject_endpoint":
      "https://tr.example.com/sse/mgmt/subject:add",
    "remove_subject_endpoint":
      "https://tr.example.com/sse/mgmt/subject:remove",
    "verification_endpoint":
      "https://tr.example.com/sse/mgmt/verification",
    "critical_subject_members": [ "tenant", "user" ]
  }
}
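Added example (not part of the issue and not code from the SSF project): a receiver-side sketch that accepts both the current flat document and the version-keyed shape proposed above, then picks the most preferred version both sides support. The preference list `RECEIVER_VERSIONS`, the function names, and the issuer/https checks are assumptions of this example, and the sample documents are constructed by trimming the two documents in the issue.

```python
from urllib.parse import urlsplit

# Assumption: spec versions this receiver implements, most preferred first.
RECEIVER_VERSIONS = ["1_0-ID3", "1_0-ID1"]

def by_version(doc):
    """Map spec version -> metadata for the current and the proposed shape."""
    if "issuer" in doc:  # current shape: one flat object with spec_version
        return {doc.get("spec_version"): doc}
    # proposed shape: each top-level key is a spec version
    return {k: v for k, v in doc.items() if isinstance(v, dict)}

def check(meta, expected_issuer):
    """Receiver-side policy of this example, not text from the spec."""
    if meta.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch")
    for key, value in meta.items():
        is_url = key.endswith(("_endpoint", "_uri"))
        if is_url and urlsplit(str(value)).scheme != "https":
            raise ValueError(f"{key} is not an https URL")

def select(doc, expected_issuer):
    """Return (version, metadata) for the most preferred common version."""
    offered = by_version(doc)
    for version in RECEIVER_VERSIONS:
        if version in offered:
            check(offered[version], expected_issuer)
            return version, offered[version]
    raise LookupError("no spec version in common with the transmitter")

# Constructed samples, trimmed from the two documents in the issue.
ISS = "https://tr.example.com"
CURRENT = {"spec_version": "1_0-ID3", "issuer": ISS,
           "jwks_uri": ISS + "/jwks.json",
           "configuration_endpoint": ISS + "/ssf/mgmt/stream"}
PROPOSED = {
    "1_0-ID3": {"issuer": ISS, "jwks_uri": ISS + "/jwks.json",
                "configuration_endpoint": ISS + "/ssf/mgmt/stream"},
    "1_0-ID1": {"issuer": ISS, "jwks_uri": ISS + "/jwks.json",
                "configuration_endpoint": ISS + "/sse/mgmt/stream"},
}

if __name__ == "__main__":
    for doc in (CURRENT, PROPOSED):
        version, meta = select(doc, ISS)
        print(version, meta["configuration_endpoint"])
```

Validating each version block separately matters in the proposed shape because every block carries its own `issuer`, `jwks_uri` and endpoint set, so a check that passes for one version says nothing about the others.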
